Creating a spring security login with jwt can be tedious and has a lot of boilerplate code. This is a basic pre-written boilerplate code for using spring security 3 with jwt. This can easily be customized and used for different projects.
Rename application.propertiesExample to application.properties and fill all values. Postgres, MySQL and h2 have been added to the dependencies, feel free to use your preference.
Download the project dependencies and run the application.
Create some sample users. It takes a username, password and role to create a user. Please remember to encrypt the password. Since this is more on login, there is no new user endpoint. I'll probably add that later for test purposes. User roles should be prefixed with ROLE, for instance ROLE_ADMIN, ROLE_USER
Test the endpoints
| ROUTE | VERB | ACTION | REQUIRES TOKEN |
|---|---|---|---|
| /api/v1/auth | POST | Returns a token. 403 if username or password is invalid | False |
| /api/v1/hello | GET | Return "Hello for all people!". Can be accessed by anyone | True |
| /api/v1/hello/admin | GET | Return "For admin eyes only bro!". Can be accessed only admin | True |
| /api/v1/hello/user | GET | Return "For user eyes only bro!". Can be accessed only user | True |
- Spring Boot 3.0 Security | Authentication and Authorization | [New Changes] | javaTechie
- Spring Boot 3.0 + Spring Security 6 | JWT Authentication & Authorization | JavaTechie
- JwtUtils Note that the deprecated methods in the Jwt Utils repo were fixed replaced by javatechie.
- Spring Security Tutorial - [NEW] [2023]